The FBI used National Security Letters — a form of surveillance that privacy watchdogs call “frightening and invasive” — to surreptitiously seek information on Google users, the web giant has just revealed.

Google’s disclosure is “an unprecedented win for transparency,” privacy experts said Wednesday. But it’s just one small step forward.

“Serious concerns and questions remain about the use of NSLs,” the Electronic Frontier Foundation’s Dan Auerbach and Eva Galperin wrote. For one thing, the agency issued 16,511 National Security Letters in 2011, the last year for which data was available. But Google was gagged from saying just how many letters it received — leaving key questions unanswered.

“The terrorists apparently would win if Google told you the exact number of times the Federal Bureau of Investigation invoked a secret process to extract data about the media giant’s customers,” Wired’s David Kravets wrote[2]. He described the FBI’s use of NSLs as a way of “secretly spying” on Google’s customers.